October is not only Cybersecurity Awareness Month; it ends with Halloween. So I worked with some folks at Globalscape to come up with a set of Cybersecurity Awareness Month tips.

We decided to go with a Halloween theme -- something like “October is a month of zombies and ghosts and all manner of scary monsters, so it's the right time to focus on what we need to do to stay safe.” (Just rolls off the tongue, right?) So to help you celebrate (and enjoy more treats than tricks), we're offering some of our best tips -- dressed up in Halloween style -- to help you keep your networks and your data safe and secure.

This phrase is more often associated with another popular holiday. However, phishing schemes often dress up as email that looks like it came from someone you know, but on closer inspection might contain clues that suggest it's a trick.

The key here is to double check suspicious email, keeping an eye out for anything unusual. If you can’t tell the difference between BOO and B00, you could be in for a fright.
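The BOO-versus-B00 check can also be done by a mail filter rather than by eye. The following is an added example, not part of the original article: it flags sender domains that match a trusted domain only after look-alike characters are collapsed. The domain names, the allow-list and the substitution table are constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted domain with
# look-alike characters (the "BOO" vs "B00" trick). All domains are constructed.
from email.utils import parseaddr

# Common visual substitutions, mapped to the character they imitate.
# This table is an illustrative assumption, not a complete confusables list.
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

TRUSTED_DOMAINS = {"boo.example", "mail.example"}  # constructed allow-list


def skeleton(domain: str) -> str:
    """Collapse look-alike characters so imitations map to the same string."""
    s = domain.lower()
    for fake, real in LOOKALIKES.items():
        s = s.replace(fake, real)
    return s


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Compare skeletons on both sides so a trusted name that itself contains
    # a mapped sequence (such as "rn") is still matched correctly.
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return f"lookalike:{trusted}"
    return "unknown"


if __name__ == "__main__":
    # Constructed From headers for demonstration.
    for header in ['"Boo Support" <help@boo.example>',
                   '"Boo Support" <help@b00.example>',
                   "billing@rnail.example",
                   "news@other.example"]:
        print(f"{header!r:45} -> {check_sender(header)}")
```

A "lookalike" result is a reason to quarantine or warn, not proof of phishing; an "unknown" result only means the domain is not on the allow-list.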

Security training and awareness are important for keeping staff vigilant and aware of their responsibilities, especially while handling sensitive information. Training programs should be up to date, and every employee (all the way up to the CEO) should be educated periodically on company policy. Many organizations require that security training be completed at least once a year.

We all make mistakes. So, whenever possible, your organization should invest in systems that use automation to add constraints to the handling of sensitive information and minimize the risk of a data breach due to human error.

Making it harder to do something when it might involve a risk is a good thing.

Keep your security tools up to date. Apply patches when they become available. Be careful not to use unsanctioned applications out of convenience. Hackers are very good at exploiting vulnerabilities as soon as they are discovered.

Ransomware is a growing scourge that has infected businesses of every size and type, locking up valuable information and shutting down critical systems with the promise of release only for a high price.

Prevention is the best protection against ransomware, but have a plan B in case you are victimized. One good strategy is to have sound backup practices in place and to periodically test that the files on those backups are usable.

Back up your systems daily and archive critical files offline. Having clean reliable copies and practiced restoration plans may help you to weather ransomware storms along with many other kinds of attacks and mistakes.

Make security part of the way your organization thinks. It's not just the cyber experts who need to think security. Social engineering takes advantage of people's instinct to trust. Get everyone thinking about the ways someone might try to trick them into giving up sensitive data.

Take cyberthreats very seriously. They can be extremely costly, sometimes causing serious damage to your organization's reputation and sometimes resulting in loss of business.

Routinely scan your systems for vulnerabilities. Look into intrusion detection tools to help you quickly identify breaches. And be on the lookout for any indications that systems are not working properly.

Get people working together, encourage the reporting of suspicious events, and reward your staff for participating in overall security.

Periodic reminders to staff of what is expected of them and clear instructions on how to report suspicious activity can go a long way toward preparing employees to respond with caution to possible threats.

This rule is not just for Boy Scouts. For my last bit of advice, as a long-time Unix sysadmin and cybersecurity advocate, I would like to remind you to never stop preparing.

The boogeyman is coming. In fact, he's probably at your door right now repeatedly trying to break in. Never stop looking for the holes in your systems and your practices that might allow breaches to occur.